Hi,
I've written an application which must listen promiscuously on a
FDDI token ring network that captures packets based on their
destination(among other things). Upon capture, the packets are
correlated and their payloads are appended together to recreate the data
which is flowing between other machines on the network. The problem I'm
seeing is that when I receive a packet into my callback function, it
always contains some garbage right in the middle. Usually, it starts
around word 246 or so (of the payload, not counting FDDI, IP and TCP
headers) and continues for a variable length. It seems to be about 20
words of garbage. I even resorted to dumping the packet in pcap_read,
before the callback, and it was the same thing. The garbage has a very
distinct pattern, and it seems not to overlay the real packet data, but
rather it seems to be inserted right in the middle. (I'd really like to
include a hex dump of the garbage but this is happening on a classified
system and I'd have to jump through a ton of hoops to put it here, if it
would even be allowed at all.)
I'll try to think of all the relevant information to put here. The
machine doing the capturing is a Sun Ultra 60, running SunOS 5.6. The
version of libpcap is 0.7.1, and I've also experienced the same problem
with 0.6.2. The FDDI card, I *believe* is a Syskonnect but I'm not 100%
sure. The admins have assured me that all the latest OS patches and
drivers have been installed. And, I've been compiling with gcc 3.01.
Actually, I compiled the library with gcc, and have been compiling my
application with Sun Forte 6 U2 (C++). I can't think of any other vital
info to put here, but if anyone needs any clarification or additional
info to be able to help me out I'm glad to provide it. Any help that
anyone can provide is *greatly* appreciated. Thanks,
Mike Gray
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
